MSI Center’s Named Pipe Vulnerability: A Systemic Risk
The recent discovery of a severe vulnerability in MSI Center, a software preinstalled on MSI laptops and desktops, highlights the systemic risks inherent in the gaming industry’s software supply chain. This vulnerability, which allows for system-level privilege escalation, is not an isolated incident but rather a symptom of a broader issue. Historically, MSI has relied on security by obscurity, which has proven ineffective in protecting against exploitation. This mirrors what happened to ASUS in 2020, when a similar vulnerability was discovered in their OEM software, affecting millions of users.
The vulnerability in MSI Center stems from a named pipe spawned by the ‘Notebook Foundation’ service, which allows any authenticated user to interact with it. This pipe provides commands that can be triggered, including disabling Windows Defender and gaining system-level privileges. The use of an outdated and insecure cipher, 3DES, to encrypt messages further exacerbates the issue. This is not a trivial matter, as it could be abused by malware to gain system-level privileges, compromising the security of millions of users.
The fact that this vulnerability can be triggered remotely via SMB on a LAN, resulting in Remote Code Execution (RCE), raises concerns about the broader implications of this issue. While successful exploitation requires valid login credentials for the target machine, this is still a significant risk, especially in environments where multiple users share the same machine or network.
MSI’s Response: A Mixed Bag
MSI’s response to this vulnerability has been a mixed bag. On the one hand, they prepared a patch for the vulnerability within two days of the report, which is a commendable effort. However, the fact that their PSIRT email was full and refusing to accept additional emails raises concerns about their vulnerability reporting process. This is not an isolated incident, as the author had to reach out to contacts to find an MSI employee who could help remedy the situation.
Furthermore, the fact that MSI did not have the ability to issue a CVE for this vulnerability is concerning. This highlights the need for better coordination between companies and the wider security community to ensure that vulnerabilities are properly documented and tracked.
The experience of the author, who has reported vulnerabilities to multiple companies, including Google, ASUS, AMD, TP-Link, and Netgear, highlights the broader issue of bug bounties. Despite reporting several vulnerabilities, the author has not received any payouts, which raises questions about the effectiveness of these programs in incentivizing responsible disclosure.
The Winners and Losers
The discovery of this vulnerability has significant implications for various stakeholders. Users of MSI laptops and desktops are the most affected, as they are exposed to the risk of system-level privilege escalation. MSI, as a company, is also affected, as this vulnerability damages their reputation and may lead to financial losses.
On the other hand, security researchers, like the author, are the winners, as they are able to identify and report vulnerabilities, helping to improve the overall security of the gaming industry’s software supply chain. The wider security community also benefits from the responsible disclosure of vulnerabilities, as it allows for the development of patches and mitigations.
The fact that this vulnerability can be triggered remotely via SMB on a LAN also raises concerns about the broader implications of this issue. Network administrators and security professionals will need to take steps to mitigate this risk, such as blocking SMB traffic or implementing additional security measures.
The Skeptical Case
Some may argue that this vulnerability is not a significant risk, as it requires valid login credentials for the target machine. However, this argument ignores the fact that this vulnerability can be triggered remotely via SMB on a LAN, which increases the attack surface. Furthermore, the use of an outdated and insecure cipher, 3DES, to encrypt messages further exacerbates the issue.
Historically, similar vulnerabilities have been exploited in the wild, resulting in significant security breaches. For example, the WannaCry ransomware attack in 2017 exploited a vulnerability in the SMB protocol, affecting millions of users worldwide. This highlights the need for a more cautious approach when evaluating the risks associated with this vulnerability.
The Signal to Watch Next
The next signal to watch is the release of the patched version of MSI Center, which is expected to be bundled with an upcoming release. Users should keep an eye on the MSI website for updates on the availability of the patch and apply it as soon as possible to mitigate the risk of system-level privilege escalation.
Additionally, the wider security community should monitor the development of this vulnerability, as it may be exploited in the wild. Security professionals should take steps to mitigate this risk, such as blocking SMB traffic or implementing additional security measures.
Pick one tactic from this post and apply it today. Which one will you start with?
By Daniel Cross, Digital Growth Strategist at TrendFlashy
Ready to launch your own asset?
Check out our guide on Building a Profitable Online Business.